Security News > 2020 > September > Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft's Bing mobile application.
White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft's Bing mobile app by installing the application and running a search for WizCase.
The exposed server was designed to log data related to the Android and iOS Bing mobile applications.
"Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk. We saw records of people searching from more than 70 countries," the experts say.
Responding to a SecurityWeek inquiry, a Microsoft spokesperson confirmed the incident: "We've fixed a misconfiguration that caused a small amount of search query data to be exposed. After analysis, we've determined that the exposed data was limited and de-identified."
News URL
Related news
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft fixes Windows Server performance issues from August updates (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)